Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:58723 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.6:49767 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49767 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49767 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.6:49767 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49767 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:51971 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.6:49768 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49768 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49768 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.6:49768 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49768 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:56591 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49769 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49769 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49769 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49769 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49769 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49769
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:60350 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49770 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49770 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49770 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49770 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49770 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49770
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:51748 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49771 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49771 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49771 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49771 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49771 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49771
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:61116 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49772 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49772 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49772 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49772 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49772 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49772
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:50958 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49773 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49773 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49773 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49773 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49773 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49773
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:49695 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49774 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49774 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49774 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49774 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49774 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49774
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:61607 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49775 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49775 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49775 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49775 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49775 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49775
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:51666 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49787 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49787 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49787 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49787 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49787 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49787
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:57037 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49788 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49788 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49788 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49788 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49788 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49788
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:62643 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49791 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49791 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49791 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49791 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49791 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49791
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:52089 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49795 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49795 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49795 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49795 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49795 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49795
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:52698 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49797 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49797 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49797 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49797 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49797 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49797
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:61901 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49799 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49799 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49799 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49799 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49799 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49799
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:50081 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49804 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49804 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49804 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49804 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49804 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49804
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:49520 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49806 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49806 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49806 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49806 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49806 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49806
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:53049 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49808 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49808 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49808 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49808 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49808 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49808
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:52125 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49811 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49811 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49811 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49811 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49811 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49811
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:63104 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49812 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49812 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49812 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49812 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49812 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49812
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:55083 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49813 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49813 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49813 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49813 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49813 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49813
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:58360 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49814 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49814 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49814 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49814 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49814 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49814
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:59724 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49816 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49816 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49816 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49816 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49816 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49816
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:59106 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49818 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49818 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49818 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49818 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49818 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49818
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:60658 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49820 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49820 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49820 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49820 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49820 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49820
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:65367 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49823 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49823 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49823 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49823 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49823 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49823
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:64579 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49832 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49832 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49832 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49832 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49832 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49832
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:49463 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49846 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49846 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49846 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49846 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49846 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49846
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:64150 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49860 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49860 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49860 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49860 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49860 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49860
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:52328 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49869 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49869 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49869 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49869 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49869 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49869
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:57422 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49876 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49876 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49876 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49876 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49876 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49876
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:63844 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49880 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49880 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49880 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49880 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49880 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49880
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:57269 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49881 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49881 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49881 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49881 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49881 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49881
Source: Traffic | Snort IDS: 2014169 ET DNS Query for .su TLD (Soviet Union) Often Malware Related 192.168.2.6:51645 -> 8.8.8.8:53
Source: Traffic | Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.6:49883 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.6:49883 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.6:49883 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.6:49883 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2825766 ETPRO TROJAN LokiBot Checkin M2 192.168.2.6:49883 -> 45.11.26.144:80
Source: Traffic | Snort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 45.11.26.144:80 -> 192.168.2.6:49883
Source: 1.0.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.0.cmdkey.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 1.0.cmdkey.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1.0.cmdkey.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1.0.cmdkey.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
Source: 1.0.cmdkey.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 1.2.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1.2.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1.2.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
Source: 1.2.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.0.cmdkey.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 1.0.cmdkey.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1.0.cmdkey.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1.0.cmdkey.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
Source: 1.0.cmdkey.exe.400000.5.raw.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.0.cmdkey.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 1.0.cmdkey.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1.0.cmdkey.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 1.0.cmdkey.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1.0.cmdkey.exe.400000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.2.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 1.2.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown
Source: 1.2.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown
Source: 1.2.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
Source: 1.2.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.TRANSFER.EXE.3b05550.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 0.2.TRANSFER.EXE.3b05550.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 0.2.TRANSFER.EXE.3b05550.1.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 0.2.TRANSFER.EXE.3b05550.1.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cmdkey.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 1.0.cmdkey.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 1.0.cmdkey.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 1.0.cmdkey.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 1.0.cmdkey.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cmdkey.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 1.0.cmdkey.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 1.0.cmdkey.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 1.0.cmdkey.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 1.0.cmdkey.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.TRANSFER.EXE.3ae5530.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 0.2.TRANSFER.EXE.3ae5530.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 0.2.TRANSFER.EXE.3ae5530.0.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 0.2.TRANSFER.EXE.451dcd0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen |
Source: 0.2.TRANSFER.EXE.451dcd0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen |
Source: 0.2.TRANSFER.EXE.3ae5530.0.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.409421719.0000000003B05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000000.00000002.409421719.0000000003B05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000000.00000002.409421719.0000000003B05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.408476159.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000000.00000002.408476159.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000000.00000002.408476159.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000002.637716959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 00000001.00000002.637716959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000001.00000002.637716959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000001.00000002.637716959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki Payload Author: kevoreilly |
Source: 00000001.00000002.637716959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.409336982.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000000.00000002.409336982.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000000.00000002.409336982.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000000.390107800.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 00000001.00000000.390107800.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000001.00000000.390107800.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000001.00000000.390107800.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki Payload Author: kevoreilly |
Source: 00000001.00000000.390107800.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000000.389788702.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 00000001.00000000.389788702.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000001.00000000.389788702.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000001.00000000.389788702.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki Payload Author: kevoreilly |
Source: 00000001.00000000.389788702.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000000.389487311.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 00000001.00000000.389487311.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000001.00000000.389487311.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000001.00000000.389487311.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki Payload Author: kevoreilly |
Source: 00000001.00000000.389487311.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000000.390702511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 00000001.00000000.390702511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000001.00000000.390702511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000001.00000000.390702511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki Payload Author: kevoreilly |
Source: 00000001.00000000.390702511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000000.390434456.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 00000001.00000000.390434456.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000001.00000000.390434456.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000001.00000000.390434456.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki Payload Author: kevoreilly |
Source: 00000001.00000000.390434456.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000000.389104727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: Process Memory Space: TRANSFER.EXE PID: 5732, type: MEMORYSTR |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: Process Memory Space: cmdkey.exe PID: 5816, type: MEMORYSTR |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 1.0.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 0.2.TRANSFER.EXE.3b05550.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.2.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.2.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.2.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.2.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.2.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 0.2.TRANSFER.EXE.3ae5530.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 1.0.cmdkey.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.2.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.2.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.2.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.2.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.2.cmdkey.exe.400000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.TRANSFER.EXE.3b05550.1.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 0.2.TRANSFER.EXE.3b05550.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 0.2.TRANSFER.EXE.3b05550.1.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 0.2.TRANSFER.EXE.3b05550.1.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 0.2.TRANSFER.EXE.3b05550.1.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 1.0.cmdkey.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.TRANSFER.EXE.3ae5530.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, score = , reference = https://twitter.com/stvemillertime/status/1237035794973560834, modified = 2021-05-27 |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.0.cmdkey.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.TRANSFER.EXE.3ae5530.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 0.2.TRANSFER.EXE.3ae5530.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 0.2.TRANSFER.EXE.3ae5530.0.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 0.2.TRANSFER.EXE.451dcd0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender |
Source: 0.2.TRANSFER.EXE.451dcd0.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object |
Source: 0.2.TRANSFER.EXE.3ae5530.0.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.0.cmdkey.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.409421719.0000000003B05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000000.00000002.409421719.0000000003B05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000000.00000002.409421719.0000000003B05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.408476159.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000000.00000002.408476159.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000000.00000002.408476159.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000002.637716959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 00000001.00000002.637716959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000001.00000002.637716959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000001.00000002.637716959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 00000001.00000002.637716959.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.409336982.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000000.00000002.409336982.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000000.00000002.409336982.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000000.390107800.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 00000001.00000000.390107800.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000001.00000000.390107800.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000001.00000000.390107800.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 00000001.00000000.390107800.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000000.389788702.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 00000001.00000000.389788702.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000001.00000000.389788702.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000001.00000000.389788702.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 00000001.00000000.389788702.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000000.389487311.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 00000001.00000000.389487311.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000001.00000000.389487311.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000001.00000000.389487311.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 00000001.00000000.389487311.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000000.390702511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 00000001.00000000.390702511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000001.00000000.390702511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000001.00000000.390702511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 00000001.00000000.390702511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000000.390434456.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 00000001.00000000.390434456.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000001.00000000.390434456.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000001.00000000.390434456.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 00000001.00000000.390434456.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000000.389104727.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: Process Memory Space: TRANSFER.EXE PID: 5732, type: MEMORYSTR |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: Process Memory Space: cmdkey.exe PID: 5816, type: MEMORYSTR |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\TRANSFER.EXE |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\SysWOW64\cmdkey.exe |
Process information set: NOGPFAULTERRORBOX |